Presented by

  • Esther Payne

    Esther Payne
    @onepict

    Esther is an IT professional with over twenty years of experience and a BSc (Hons) in Computer Science from the Robert Gordon University. She then discovered she preferred people rather than programming. Having worked with all sizes of businesses and across various industries her interest has always been on how to make computing more accessible to the masses. She believes that no matter what your age you can use Linux and free software. As a user of Kubuntu Linux for 12 years, she is extremely proud of her father who now runs Ubuntu Linux after she refused to support his windows system anymore. In fact her father regularly installs and manages his own Linux systems proving the accessibility of Linux for all ages. She works with hosting and IT support companies as well as interesting Open Source projects. Having been in Open Source for over a decade she believes that anyone can contribute to a project as everyone has a different skill to bring to a project. The more the merrier. Having been an internet user since the 1990s, Esther is looking forward to the next stage of the internet and to help bring it back to it's decentralized roots. She also believes in the importance of Privacy and is interested in how to safeguard it. Esther enjoys meeting new people and discovering exciting new Open Source Projects and the communities behind them.

Abstract

In 1996 Brian E. Carpenter of IAB and Fred Baker of IETF wrote a co-statement on cryptographic technology and the internet. This RFC wasn't a request for a technical standard, it was a statement on their concerns about Governments trying to restrict or interfere with cryptography. They felt that there was a need to offer "All Internet Users an adequate degree of privacy" Since that time successive governments around the world have sought to build back doors into encrypted apps and services to access more citizen and visitor data. As of July 2019, the AG of the United States William Barr stated: “Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,” i.e For security Americans should accept weakened encryption. The head of the FBI also claimed that weakened encryption wouldn't break it. In Australia the metadata retention laws have been abused against journalists with 58 searches carried out by the AFP. In 2015 ACT police carried out 115 metadata searches. UK officials have a cavalier attitude to the EU SIS database which tracks undocumented migrants, missing people, stolen cars, or suspected criminals. IETF Session 105 mentioned privacy and concerns with the mass collection of data. While the IAB and IESG were worried about US export controls on cryptography there is an argument for RFC 1984 to be updated to include the unnecessary mass collection of data and to use it as a term for IT professionals, privacy advocates and the public to rally behind. In this talk let's recount a brief history of governments around the world wanting to weaken encryption as RFC 1984 warned us about. We live in a time where citizens put data into commercial, healthcare and Government systems to access services, some services are only accessible online. From CCTV to Facebook people have little understanding of why mass collection of data is dangerous. There is little scrutiny of who can access that data, from Scotland to the US. Open Surveillance is only a small part of the picture when profiling citizens. It still counts as personal data, when combined with metadata and the actual data that people put into social media and services like ancestor DNA test kits. Businesses who use CCTV have to put up signs to warn the public they are recording. So called anonymized data still contains identifiers that can tie to individuals. Let's talk about Ovid and peacocks. Let's explore how to expand the RFC to cover recent developments in surveillance capitalism with governments accessing that data, but not securing it. We need to make it clear weakened encryption, the mass collection and careless retention of data isn't acceptable. We need to update and implement RFC 1984.